So has anyone been to an SU course? I have been aware of them for some time, but the nature of their material originally had me looking elsewhere. Recently I looked again, and I noticed they are emphasizing the hands on nature of their courses, and I noted one review particularly intriguing.

As an Army Information Systems Management (FA53) officer focusing on Cyber Defense, I've had the opportunity to train and certify in several IA/CND specific programs as well as work a myriad of Army Cyber Defense workforce training and development issues.

Having just recently completed the Security University (SU) Qualified Security Analyst (Q|SA) and Qualified Penetration Tester License (Q|PTL) courses I can confidently say that Sondra and her team have built an exceptional program of instruction; capturing the essential elements of security analysis and penetration testing methodologies and delivering them in a clear and concise format in a blended learning environment of lecture and hands-on practical skill development with scenario-based final examinations. SU training techniques are a perfect match for our military cyber defense workforce goals since they not only train the relevant concepts of cyber defense and its CND specialties but also in the case of Q|SA and Q|PTL courses challenge the students to apply those concepts in a "tactical" setting that an actual security analyst or penetration tester might see.

Security University's Q|SA / Q|PTL program of instruction is impressive and superior to some other training programs in several ways; one of them being the daily hands-on assessment of critical skills being taught. Another was the realistic practical final exam which included a penetration test with a final report that required some in-depth analysis of the resulting sets of data. I spent 30 post-course hours alone on analyzing the data and developing a 32 page report. That's definitely an experience you're not going to get through other training programs that teach a five day curriculum that's predominately lecture based. The Q|SA and Q|PTL courses also expose the students to a wide range of open and closed source automated tools for use in security analysis and penetration testing as well as the built-in assessment and exploitation capabilities of both Linux and Windows based operating systems. I honestly can't understand how we expect to conduct defense in depth across the GiG without our technical workforce understanding basic exploitation, which is exactly what's missing from many other approved certifications. SU equally balances this with methodology and analysis techniques rather than relying on specific toolsets since tools frequently change and are always subject to interpretation of their results.

Many leaders and managers in a resource constrained environment try to meet FISMA compliance by targeting those one-shot, many-kills certifications that are on the DoD 8570.01M chart with little regard for how relevant the training might be for certain 8570 categories. No better example can be given than the inclusion of CISSP as an IAT validating certification. Being a CISSP I can attest that it's a great certification for a security manager as it is wide and deep in several essential bodies of knowledge. But it will not enable a security technician, especially at the enclave level, to secure enterprise environments from a hands-on technical approach nor understand the threat and environment essential to effective defense in depth. Therefore it adds little value for an organization to have an IAT-III CISSP from a technical standpoint, but practically, that person can also fill other roles since CISSP covers everything from IAT-I through IAM-III. Hence, managers focus on CISSP and miss excellent training like Security University's programs.

Security University training should be a major part of any organization's information security training programs. Maj. Shane Liptak, 2010

Note the date, if correct, this is honestly before many of the practical offerings that I am aware of became known in the market.

In any case, I will (hopefully) be taking a series of courses with them over the next two years. for any personnel with GI Bill eligibility, they are a confirmed GI bill eligible organization, and you can take some courses at no cost to you. More importantly, after talking with the Owner of SU, Sondra, this woman is a Security professional, I am looking forward to the true learning nature of the courses.

They also have a youtube channel with some course material, I would like you guys to view a video or two, tell me what you think. The instuctor that I viewed sounded knowledgeable.

Maybe I spend to much time in Academia, but I think a better choice would be WGU or a NSA Center of Excellence school. But that's just from looking at there site. it might be worth it, if all you want are the certs, but if that's the case, look around and see if there are other cheaper options.

But remember, I've not had dealings with them, and am basing this off spending less than 10 minutes on their site.

I guess I didn't update this thread, Since they are an VA approved "school" I was able to use my GI Bill to buy their class pass. I first took the QND course, the Qualified Network Defender.

Overall a good class, I'll repost a full review later, but the selling point of this course specifically was the hands on labs. We were able to get some hands on with writing ACLs and testing them, using some well known WAF Software, implement a DMZ, ect. We were able to see how these security implementations work in a network. Its not the network defense class that I am ultimately looking for, you might want to look at SANS NETWARS for something like that, but after this class, you might be a little more prepared. Also, there is an online exam, and if you pass, then you get to take home the practical exam which basicly involves creating an unsecure network, using vms, then implementing security.

I am looking forward to my next class with them, it will likely be the QEH (think CEH+) or QSA/PTL (ECSA). While I have the CEH, I would like to see how they do the CEH, and get some more hands on.